Personal data processing outside the territory of Bulgaria

As a rule Yettel strives not to send personal data processed according to this Policy outside the territory of the European Union (EU) and the European Economic Area (EEA). In certain cases, however, it may become necessary to send particular data to persons outside EU/EEA (e.g. for the provision of a service for maintenance of an information system of Yettel which cannot be performed without access to personal data) in compliance with the provisions of the applicable legislation and as described in this Policy.

If it becomes necessary for Yettel to send personal data of a supplier – natural person, representative, contact person and/or employee to a non-EU or EEA country, this shall be done in compliance with this Policy and in the presence of one of the below conditions:
•Where there is a decision of the European Commission under which the respective country provides an adequate level of personal data protection;
•When an agreement has been made with the organization to which personal data are sent, containing the standard data protection clauses as approved by the European Commission by Decision No 2010/87/ЕС (more information is available on the following page of the Commission for Personal Data Protection: www.cpdp.bg);
•When the transfer of data is necessary for the performance of an obligation to the respective supplier, representative, contact person and/or employee;
•When it is necessary to make a data transfer to an organization in the USA, such transfer is made as far as the respective organization is a member of the Privacy Shield approved by decision of the European Commission on 26.07.2016 (more information is available on the following page: ec.europa.eu/info/strategy/justice-and-fundamental-rights/data-protection_en).